Fortify Static Code Analyzer findings of CSRF in JSF 2.3?

Fortify SCA and Applications 18.20.

Every xhtml file with a h:form tag is getting flagged for Cross-Site Request Forgery. 

The recommendation states that "Most modern web application frameworks embed CSRF protection and they will automatically include and verify CSRF tokens." This project is using JSF 2.2 that is using a hidden field for a nonce. The hidden field named javax.faces.ViewState id injected in each page automatically. Is there a way to get Fortify to recognize this and not flag the findings?

<input type="hidden" name="javax.faces.ViewState" id="j_id__v_0:javax.faces.ViewState:1" value="ODlEOEFFNTA2RTY0RjczNzAwMDAwMDAx" autocomplete="off" />